PT-2009-3383 · Mozilla+2 · Thunderbird+4

Jesse Ruderman

Publicado

2009-03-05

Atualizado

2024-12-12

CVE-2009-0772

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 2 through 3.0.6 Thunderbird versions prior to 2.0.0.21 SeaMonkey version 1.1.15

Description The issue is related to the layout engine and can be triggered by vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, leading to memory corruption. This can cause a denial of service (crash) and possibly allow the execution of arbitrary code.

Recommendations For Mozilla Firefox versions 2 through 3.0.6, update to version 3.0.7 or later. For Thunderbird versions prior to 2.0.0.21, update to version 2.0.0.21 or later. For SeaMonkey version 1.1.15, update to a version later than 1.1.15.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2009-0772

DSA-1751-1

DSA-1830-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

RHSA-2009:0258

RHSA-2009:0315

RHSA-2009:0325

RHSA-2009_0258

RHSA-2009_0315

RHSA-2009_0325

Produtos afetados

Firefox

Red Hat

Seamonkey

Suse

Thunderbird

PT-2009-3383 · Mozilla+2 · Thunderbird+4

CVE-2009-0772

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3129